Why the Panama Papers Fall-out Requires Your Attention

Why the Panama Papers Fall-out Requires Your Attention

The tax affairs of wealthy individuals and international organisations came into the spotlight recently, with the hacking of client files at Panamanian law firm Mossack Fonseca. Here, Diane Cairney, Partner and Head of Litigation with leading Scottish legal practice Miller Samuel Hill Brown, considers the “Panama Papers” and the potential implications for your business.

The recent “Panama Papers” catastrophe officially represents the largest, single data leak in history with over 2.5 terabytes of seemingly secure, private and confidential information released to the world. It is fair to say that the shockwaves of the incident have been felt around the globe. In the cold light of day, this epic hacking scandal is surely a wake-up call to every company and a reminder that it is vital to treat cyber-security with the same stringency as legal, regulatory, financial or operational risks.

Whilst the incident may have involved high profile individuals and global organisations, its fall out is something that every business owner and company director should relate to — however small the organisation may be. Protecting company data from attack is not just about keeping client data safe; it’s just as much about protecting your reputation and future competitive edge, as well as keeping inside the law.  It’s also worth noting that the risk is just as likely to come from current or previous employees or competitors, as opposed to external forces, as demonstrated by the examples below.

Last year a UK manufacturing company had design blueprints stolen and shared with a competitor. They launched an investigation when the competitor released equipment which was extremely similar to their own and established that they had been subject to a targeted cyber-attack. The stolen blueprints had been sold to Chinese-owned companies. The infiltration was achieved when hackers targeted a job-seeking chief design engineer, who unwittingly downloaded malware through an email, after responding to a fake online recruitment profile designed specifically to trap him. In another case, Morrisons supermarket is currently being sued in a group litigation involving more than 5000 of its employees, after personal and financial details were posted online by a disgruntled ex-employee.

Company directors are duty bound to ensure they are meeting the requirements of the Data Protection Act and the Communications Act in the UK, and those will shortly be joined by the EU Data Protection Regulation and EU Cybersecurity Directive. This runs alongside a director’s duty to be informed of any issues that are relevant to the proper running of the company under the Companies Act 2006.

A new London-headquartered National Cyber Security Centre is expected to begin operations in October 2016, bringing all the UK’s cyber expertise into one place to address current problems with the digital defences of companies and organisations.

Without doubt, electronic data is a hugely valuable commodity, with potentially devastating financial losses when it falls into the wrong hands. It falls to business leaders to make the protection of data in their organisations a top priority.   Already, at Miller Samuel Hill Brown, we are working with a number of reputable firms in Scotland whose sole focus is future proofing the cyber security of our clients.

If this is an area where you feel your business could benefit from advice, please contact  Diane Cairney at Miller Samuel Hill Brown.

Miller Samuel Hill Brown